This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

Display registration page after PRE_AUTH authentication

Mar 28th, 2011, 04:33 PM

I've set up Spring Security successfully using a PRE_AUTH_FILTER.

Visitors can signin the application using Twitter, Facebook etc using the Janrain4j library.
I'm also using a custom AuthenticationSuccessHandler which determines if a signed in user is visiting the application for the first time or not. In this case I redirect to a registration page where the visitor has to confirm name, e-mail etc.
In my UserDetailsService I check if the user is stored in the application DB and if not the authority UNREGISTERED is set to indicate the user has not yet registered.

This works very well as Spring Security is very flexible.

When the visitor wants to avoid the registration (he/she can click a link on the page) I want to force them to go back to registration page.
The rule for this is quit easy. Authenticated and contains the role UNREGISTERED.
Off course I could write a ordinary servlet filter (outside Spring Security) to check this.
But I'm wondering if Spring Security has something for this.

Comment

Hmm. Actually it doesn't redirect them to the registration page, looking at it again. If they choose to bypass it (by typing in a different URL, for example), then they will get an AccessDeniedException. Generally the workflow within the registration controller would prevent them leaving using normal navigation via links, form submissions etc.